[Catalyst] HOWTO: extend the Authentication tutorial example and
redirect to original URI
Bill Moseley
moseley at hank.org
Fri Mar 30 05:50:13 GMT 2007
On Thu, Mar 29, 2007 at 12:40:51PM -0500, Dave Rolsky wrote:
> On Thu, 29 Mar 2007, Bill Moseley wrote:
>
> >This always makes me wish for a 4xx code that could be returned to the
> >client but not force the browser to ask for authentication. After
> >all, the user is not currently authorized to view the page. And the
> >idea being that the browser would not cache the 4xx response.
>
> Your wish is granted. If you return a 401 with an HTML body, it should
> work. They won't get an auth popup unless you send a WWW-Authenticate
> header.
Thanks. Do I have two more wishes? RFC2616 says you MUST send a
WWW-Authenticate header with the 401 response. I know it works on
most browsers.
Hum, well w3c is the only client I could find that prompted for a
password. Not sure I've ever seen w3c in the server logs...
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list